OSPF WG Security Extensions for OSPFv2 when using Manual Keying Manav Bhatia, Alcatel-Lucent Sam Hartman, Huawei Dacheng Zhang, Huawei IETF 80, Prague.

Slides:

Advertisements

Similar presentations

Security Issues In Mobile IP

Advertisements

IS-IS ESN TLV draft-chunduri-isis-extended-sequence-no-tlv-01 Uma Chunduri, Wenhu Lu, Albert Tian Ericsson Inc. Naiming Shen Cisco Systems, Inc. IETF 83,

OSPF Two-part Metrics Jeffrey Zhang Lili Wang Juniper Networks 88 th IETF, Vancouver.

IPv6 Keith Wichman. History Based on IPv4 Based on IPv4 Development initiated in 1994 Development initiated in 1994.

Internet Security CSCE 813 IPsec

ICE Jonathan Rosenberg Cisco Systems. Changes Removed abstract protocol concept Relaxed requirements for ICE on servers and gateways – no address gathering.

RSVP Cryptographic Authentication "...RSVP requires the ability to protect its messages against corruption and spoofing. This document defines a mechanism.

OSPF WG – IETF 68 - Prague OSPF WG Document Candidates Acee Lindem/Redback Networks.

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

Nov 11, 2004CS573: Network Protocols and Standards1 IP Routing: OSPF Network Protocols and Standards Autumn

Temporal Key Integrity Protocol (TKIP) Presented By: Laxmi Nissanka Rao Kim Sang Soo.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Security & Efficiency in Ad- Hoc Routing Protocol with emphasis on Distance Vector and Link State. Ayo Fakolujo Wichita State University.

MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.

8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.

Ogier - 1 OSPF Database Exchange Summary List Optimization draft-ietf-ospf-dbex-opt-00.txt Richard Ogier Presented by Acee Lindem March 19, 2007 IETF 68.

Authentication Mechanism for Port Control Protocol (PCP) draft-wasserman-pcp-authentication-01.txt Margaret Wasserman Sam Hartman Painless Security Dacheng.

Security Issues in PIM-SM Link-local Messages J.W. Atwood, Salekul Islam {bill, Department.

Jun Li DHCP Option for Access Network Information draft-lijun-dhc-clf-nass-option-01.

Karlstad University IP security Ge Zhang

1 Multi Topology Routing for OSPFv3 (draft-mirtorabi-mt-ospfv3-00.txt) Sina Mirtorabi

IPsec Introduction 18.2 Security associations 18.3 Internet Security Association and Key Management Protocol (ISAKMP) 18.4 Internet Key Exchange.

OSPF WG Stronger, Automatic Integrity Checks for OSPF Packets Paul Jakma, University of Glasgow Manav Bhatia, Alcatel-Lucent IETF 79, Beijing.

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

1 Chapter 6 IP Security. 2 Outline Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security Architecture Authentication Header.

6lowpan ND Optimization draft Update Samita Chakrabarti Erik Nordmark IETF 69, 2007 draft-chakrabarti-6lowpan-ipv6-nd-03.txt.

OSPF WG – IETF 67 OSPF WG Document Status or “You can bring a Horse to Water …” Rohit Dube/Consultant Acee Lindem/Cisco Systems.

OSPF WG – IETF 69 - Chicago OSPF WG Document Abhay Roy/Cisco Systems Acee Lindem/Redback Networks.

OSPF WG – IETF 66 OSPF WG Document Status Rohit Dube/Consultant Acee Lindem/Cisco Systems.

ICOS BOF EAP Applicability Bernard Aboba IETF 62, Minneapolis, MN.

IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.

PGP & IP Security  Pretty Good Privacy – PGP Pretty Good Privacy  IP Security. IP Security.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

Ασύρματες και Κινητές Επικοινωνίες Ενότητα # 10: Mobile Network Layer: Mobile IP Διδάσκων: Βασίλειος Σύρης Τμήμα: Πληροφορικής.

Authentication Header ● RFC 2402 ● Services – Connectionless integrity – Data origin authentication – Replay protection – As much header authentication.

1 draft-sidr-bgpsec-protocol-05 Open Issues. 2 Overview I received many helpful reviews: Thanks Rob, Sandy, Sean, Randy, and Wes Most issues are minor.

Session Traversal Utilities for NAT (STUN) IETF-92 Dallas, March 26, 2015 draft-ietf-tram-stunbis Marc Petit-Huguenin, Gonzalo Salgueiro.

Currently Open Issues in the MIPv6 Base RFC MIPv6 security design team.

OSPF WG Cryptographic Algorithm Implementation Requirements for OSPF draft-bhatia-manral-crypto-req-ospf-00.txt Vishwas Manral, IPInfusion Manav Bhatia,

OSPFv3 Auto-Config IETF 83, Paris Jari Arkko, Ericsson Acee Lindem, Ericsson.

Requirements and Selection Process for RADIUS Crypto-Agility December 5, 2007 David B. Nelson IETF 70 Vancouver, BC.

IPSec is a suite of protocols defined by the Internet Engineering Task Force (IETF) to provide security services at the network layer. standard protocol.

SubmissionJoe Kwak, InterDigital1 Simplified 11k Security Joe Kwak InterDigital Communications Corporation doc: IEEE /552r0May 2004.

RPSEC WG Issues with Routing Protocols security mechanisms Vishwas Manral, SiNett Russ White, Cisco Sue Hares, Next Hop IETF 63, Paris, France.

Lecture 22 Network Security (cont) CPE 401 / 601 Computer Network Systems slides are modified from Dave Hollinger slides are modified from Jim Kurose,

K. Salah1 Security Protocols in the Internet IPSec.

Cryptography CSS 329 Lecture 13:SSL.

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

Analysis of BFD Security According to KARP Design Guide draft-ietf-karp-bfd-analysis-01 draft-ietf-karp-bfd-analysis-01 Manav Bhatia Dacheng Zhang Mahesh.

Encryption and Network Security

RPSEC WG Issues with Routing Protocols security mechanisms

Multi-Instances ISIS Extension draft-ietf-isis-mi-08.txt

IS-IS WG IS-IS Cryptographic Authentication Requirements

Goals of soBGP Verify the origin of advertisements

Multi Topology Routing (MTR) for OSPF

In-Band Authentication Extension for Protocol Independent Multicast (PIM) draft-bhatia-zhang-pim-auth-extension-00 Manav Bhatia

IETF 97 Seoul, South Korea Yang Data Model for OSPF Protocol draft-ietf-ospf-yang-06 draft-ietf-ospf-sr-yang-00 Derek Yeung Derek Yeung

Fragmentation issues in IPv4/IPv6 translation

draft-ipdvb-sec-01.txt ULE Security Requirements

OSPF WG Status IETF 98, Chicago

Routing With a Link-State Protocol

draft-ppsenak-ospf-lls-interface-id-00

draft-ietf-ospf-lls-interface-id-00

Use of p2mp BFD in PIM-SM (over shared-media segment) draft-mirsky-pim-bfd-p2mp-use-case Greg Mirsky Ji Xiaoli

OSPF WG Supporting Authentication Trailer for OSPFv3

OSPF WG Status IETF 80, Prague CZ

Presentation transcript:

OSPF WG Security Extensions for OSPFv2 when using Manual Keying Manav Bhatia, Alcatel-Lucent Sam Hartman, Huawei Dacheng Zhang, Huawei IETF 80, Prague

Current State of Security OPSEC has published RFC 6039 that does an analysis on the vulnerabilities that exist in OSPFv2 despite it using the security and authentication mechanisms described in RFC 2328 and 5709 draft-ietf-karp-ospf-analysis identifies certain gaps that remain between the current security state and those identified in draft-ietf- karp-threats-reqs

Gaps Identified Replay Protection OSPFv2 uses Cryptographic Sequence numbers to prevent intra-session replay attacks Does not help in protecting against inter-session replay attacks IP Header Unprotected OSPFv2 uses the source IP to identify the neighbor in some cases IPv4 Header is not protected by the authentication digest

So what does this draft do? It fixes the issues identified during the OSPFv2 gap analysis Proposes two mechanisms to prevent inter- session replay attacks Extends the Authentication Sequence Number space Introduces the concept of Session ID and Nonce Fixes the IP header issue by factoring in the source IP address when computing the crypto digest - thus attacks which change this, will not be successful now

OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = B OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = A Router B goes down! OSPF Hdr: Sequence Num = 1 OSPF HELLO: Neighbor = 0 OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = B OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = 0 Router BRouter A OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = 0 OSPF Hdr: Sequence Num = 2 OSPF HELLO: Neighbor = A OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = 0 Router A accepts the packet and brings down the adjacency with B! Inter-Session Replay Attack OSPF Hdr: Sequence Num = OSPF HELLO: Neighbor = 0

So how do we fix this? (1/2) OSPF authentication mechanism is stateless and oblivious to the session information Router A for example doesn’t remember that it once had an OSPF session with B and the last cryptographic sequence number seen from B was Highly un-scalable and also requires B to keeping updating the non-volatile memory each time it increments a sequence number so that it can continue from there.

So how do we fix this? (2/2) Change the crypto sequence number generation algorithm at the sender side so that it always generates an increasing number (for both planned and unplanned restarts) Implement some algorithm that guarantees freshness of packets We describe both in the draft

Changing the crypto sequence number algorithm Currently the sequence number is a 32-bit monotonically increasing entity Expand this to 64 bits where: most significant 32-bits increment each time the router cold boots. last 32-bits remain unchanged The final sequence number is a concatenation of the above two numbers

OSPF Hdr: Sequence Num = 0:10001 OSPF HELLO: Neighbor = B OSPF Hdr: Sequence Num = 10:50001 OSPF HELLO: Neighbor = A Router B goes down! OSPF Hdr: Sequence Num = 11:1 OSPF HELLO: Neighbor = 0 OSPF Hdr: Sequence Num = 0:10011 OSPF HELLO: Neighbor = B Router BRouter A OSPF Hdr: Sequence Num = 0:10010 OSPF HELLO: Neighbor = 0 OSPF Hdr: Sequence Num = 11:2 OSPF HELLO: Neighbor = A OSPF Hdr: Sequence Num = 10:50000 OSPF HELLO: Neighbor = 0 Router A rejects this as sequence number < 11:2 So does this help? OSPF Hdr: Sequence Num = 10:50000 OSPF HELLO: Neighbor = 0

So where are we? We believe it solves the inter-session replay attacks with OSPF This solution does NOT guarantee packet freshness, i.e., you still don’t know if you are speaking to a live router or if somebody is playing out the entire conversation If you want to fix this then the draft spells out the challenge/response mechanism using the Session IDs and Nonces

Benefits Easy to implement - very minimal changes to the OSPF running code Consider this as part of the KARP infrastructure that even other routing protocols can use Minimal changes required in the OSPF packet encoding

Next Steps We need people who understand OSPF to look at this mechanism and see if they find some holes in it. If they think this is fool-proof then we can remove the Session ID and the Nonce stuff that currently exists in the draft Accept this as a WG document since there has been a lot of discussion on the mailing list and people have taken it positively there!

Feedback!

AB Source IP - X' OSPFv2 Data Authentication Data 1. OSPF Packet replayed and source IP changed from X to X' Authentication has been computed assuming source IP as X 2. B computes the digest assuming the source IP as X' 3. B rejects the packet as the computed digest does NOT match the digest carried in the packet! Protecting the source IP address